James Tom
Waxhaw,NC
Summary
Highly motivated IT professional with 8 years of experience in Cybersecurity and over 20 years of IT experience overall. Experienced in a wide range of technologies with the ability to learn quickly and adapt to new environments. I am seeking to further my career as a Cyber Security professional and pursue leadership roles. I am a passionate mentor and with a team-oriented approach to training and leadership.
Overview
22
22
years of professional experience
1
1
Certification
Work History
Associate Information Security Manager
Wells Fargo
04.2023 - Current
- Daily operational management of Cyber Threat Fusion Center Tier 1 Staff– North Carolina and Arizona team
- Proactively monitor, analyze and provide guidance on incidents to support remediation activities
- Oversee continuous monitoring across multiple technology platforms, including but not limited to servers, workstations, network, storage, legacy systems, and other IP-enabled systems across multiple networks
- Develop and maintain documentation on Cyber Security Operations, security alert process work‐flow, response playbooks, and other security workflow documentation
- Develop partnerships with Wells Fargo’s existing security teams across lines of business to respond to threats and control remediation
- Review Security Operations Center reports, threat reports, audit reports, and regulatory changes to identify and initiate risk prioritization and remediation
- Manage and partner with security service providers for security tool and process enhancements to improve security posture
- Establish execution of programs including risk management, vulnerability management, secure software development, and vendor management
- Maintain awareness of threat landscape companywide and provide security consultation in support of strategic planning and business development
- Lead implementation of complex projects and initiatives impacting one or more lines of business
- Develop and lead operational support for information security programs including identity and access management, incident response and investigations, and disaster recovery and business continuity
- Make decisions that move significant opportunity to create advances in information security and efficiency and potential risk companywide
- Ensure compliance and risk management requirements for supported area are met and work with other stakeholders to implement key risk initiatives
- Manage technical operations team
- Collaborate and consult with peers, colleagues, and managers
- Lead team to achieve objectives
- Interact with board, operating committee, management committee, executive management, and Operational Risk Committee
- Manage allocation of people and financial re‐sources for Information Security Analysis
- Mentor and guide talent development of direct reports and assist in hiring talent.
Senior Information Security Engineer
Wells Fargo
11.2022 - 04.2023
- Responsible for reviewing cases from Tier1 escalations for informational and low severity incidents
- Escalate and collaborate with T3 incident response team on Medium to Critical severity Cyber incidents
- Work on projects related to case automation and alert tuning and reporting
- Collaborate with team members on high priority projects, related to emergency Cyber events, vulnerabilities, case management and documentation, reporting, etc
- Test and review new platforms such as Chronicle
- Mentor new hires (Analysts and Engineers) for onboarding and continue to be a mentor for others after onboarding is complete
- Senior Analyst for weekend shift responsible for management, Tier2 and partner team escalations
- Provide training to new groups of Analysts
- Write new documentation for Cloud Alerts
- Update existing documentation for Crowdstrike and Splunk alerts
- Attend daily Agile/Scrum meetings
- Participate in Scrimmage and Capture the flag type Cyber events
- QA cases from Tier-1
- Ensure cases meet quality assurance expectations.
Senior Information Security Analyst
Wells Fargo
12.2016 - 11.2022
- Cyber Security Defense and Monitoring - protecting the bank against cyber risks and attacks
- Investigate various case types including but not limited to Malware object cases, Email campaigns, Antivirus events, Web proxy botnet events, DLP events, Wireless Rogue AP events
- Remediate when necessary or escalate to appropriate security teams
- Use of Security tools such as FireEye, Splunk, Netwitness, Cisco Prime, Wireshark, third party tools, and custom applications to help identify and investigate security events
- Work with Third party vendors and internal Wells Fargo teams to ensure DDOS attack events are mitigated
- Work with teams to implement network blocks from malicious actors due to attacks such as brute force or DDOS
- Update daily site reports to include daily work activity
- Send out email communications reports to notify security teams and senior management of critical security events such as DDOS attacks, Email Campaigns, and network blocks after they occur
- Assist with weekly Phishing Awareness reports
- Collaborate with other security teams to develop security content and fine tune alerting
- Maintain QA scores to a high standard
- Conduct QAs against other analysts case work
- Host Situational Awareness meetings to obtain recent security events from security teams and report on our teams current events
- Ensure being logged into the phone queue along the duration of the shift
- Answer incoming calls and assist customers with security related events, open cases for tracking and escalate to other security teams as needed
- Attend EACO bridge lines for newly declared vulnerabilities, or other security related incidents that occur which require multiple security teams to be involved
- Mentor co-workers with case work, peer review and provide training
- Ensure case procedure documentation is updated, perform quarterly review of documentation
- Consistently attend training and keep up to date on security tools and procedures
- Participate in User Acceptance Testing for case management platform
- Participate in CSIRT exercises with Simspace.
Network Engineer
Cisco Systems
12.2014 - 12.2016
- Participated in various roles during my employment with Cisco
- Started as member of Cisco Network Operations Center team providing 24/7 network monitoring for multiple clients, then moved to a network engineering role which required modifying router configs and updating access lists
- Monitor Branch, Campus and Core devices on Cisco network
- Devices include Cisco Switches, Routers, WAAS, Wireless Lan Controllers, Access Points
- (ASR 1004,1006 / Catalyst 6503, 6506, 6509, 6513, 6807, 4500x, 4510r+e, 3850 / ISR 4451x, 3900,2900, Nexus 7010)
- Respond to network alarms, perform initial triage, open internal Remedy 8 tickets, contact carriers, or open cases with TAC/HTTS teams to help troubleshoot issues on devices
- Use Splunk to view system logs
- Use Network Flow Analysis to view network utilization
- Work with Carriers - Open trouble tickets and communicate with Carriers to resolve Circuit issues such as link flapping, circuit hard down, errors seen on interface
- View Router logs and interfaces to determine port status and router neighbors
- View Mac address tables on switches to locate what switch port a device is connect to
- Use Traceroutes and pings to test for connectivity and path determination
- Used Remedy 8 to open and track cases
- Update cases on a consistent basis until case resolution
- Join conference calls with Operation Command Center to work on Priority 1 cases such as a site down, keep the team informed of updates and process to restore connectivity
- Help new team members with training or troubleshooting issues
- Updated router configurations, access lists, routing protocols, configuring Static Routes and Interfaces
- Setup internal and DMZ labs for customers
- Involved configuring lab gateway interfaces, routing protocol such as BGP or static route, applying Access List, allocating subnets, open case with Local IT for port patching and follow up with customer to confirm their lab is up and running properly
- Update and push Access Lists for Cisco Extranet partners
- Follow up with customers to ensure access is working properly
- Troubleshoot access when necessary by working with the customer
- Use traceroutes, pings, telnet, nslookup to help determine packet path and connectivity
- Investigate ports to confirm they are in the proper VLAN
- Configure switch ports to be added to a specific VLAN, check VLAN interfaces for proper operation
- Use Cisco Prime to check wireless devices and statistics, AP’s, Maps, Alarms, neighbors, etc
- Log into Wireless Lan Controllers to investigate Access Point connectivity and operation, client connectivity, etc
- Logon to switches to check AP connectivity, interfaces, VLAN operation
- Use command line tools in Linux such as vi to edit ACL files
- Run scripts to compile files
- Create Change Requests to implement changes on Routers and devices
- And Implement Change Requests during a Change window.
Project Manager
Imangu
07.2012 - 12.2013
- Manage projects for website development with Drupal
- Communicate with clients gathering requirements to develop website
- Develop wireframes Axure software
- Communicate with Chinese employees to develop website
- Maintain and manage project progress using Basecamp software
- Test website for bugs and create trouble tickets to report and track bugs
- Train client on using Drupals backend system.
Business Analyst
Baptist Hospital
01.2008 - 09.2010
- Functions include but are not limited to hardware triage, software triage, identification & classification of mission critical items, installation assistance and liaison during all hardware and software changes
- Coordination of all new IDs and passwords for new staff, the coordination of all report requests, and the coordination of all equipment and software purchases
- Responsible for resolution of any information technology problem/issue for assigned departments and responsible for proper issue escalation
- Follow all IT requests to their completion in order to maintain user functionality, and primary point of contact for the Quick Response Team (QRT) for all repair activities
- Use of Active Directory to reset user passwords, add users to printer groups and check group memberships
- Use of SMS for remote troubleshooting to remotely deploy software packages and re-image of workstations.
Desktop Technician
Bankatlantic Bankcorp
06.2006 - 12.2007
- Provided desktop support for users in corporate office
- Used help desk software Track-IT to track work orders
- Use of SMS for remote troubleshooting, re-image desktops and laptops
- Replace computer hardware components, including but not limited to hard drives, system boards, memory, peripherals, laptop components, etc
- Install various software including MS Office products, Oracle database, Adobe, and proprietary bank software
- Configure and provide support for blackberries
- Document procedures to resolve common or recurring software issues
- Provide computer support for new store openings
- Participate in Network Redundancy Fail-over tests
- Assist with computer moves, re-locations
- Assist WAN team and Telecom with Network related issues.
Network Operations Engineer / Network Administrator
VL.Net Inc
03.2002 - 06.2006
- Manage users through Microsoft Windows Active Directory and Microsoft Exchange
- Reset user passwords
- Monitored Network Operations Center
- Installed Windows Server OS and SQL database software on fax servers
- Setup and deployed fax servers to various locations across the nation
- Work with Telecom providers to activate T1 and ISDN lines
- Installed Cisco switches and routers
- Establish and maintain Data centers and POPs
- Maintain and schedule file backups
- Help end users with any computer related issues.
Education
Electronics Engineering Degree -
ITT Technical Institute
Ft. Lauderdale, FL06.1997
Ethnic Studies -
Miami Dade College
Miami, FL06.2010
Chinese Language Study (Mandarin) -
Beijing Sports University
01.2011
Chinese Language and culture -
Nanjing University
05.2009
Skills
- Incident Response
- Network Security
- Incident Response Management
- Information Security
- Intrusion Detection
- Patch management
- DDoS prevention
- Teamwork and Collaboration
- Disaster Recovery Planning
- Problem-solving abilities
Certification
- Netwitness Platform Foundations, 06/2022
- Netwintess Platform Analysis, 06/2022
- Netwitness Platform Introduction to Hunting, 06/2022
- Netwitness Hunting Challenge, 06/2022
- GIAC Certified Penetration Tester - GPEN (Analyst number: 16245), 03/2021
- GIAC Certified Incident Handler - GCIH (Analyst number: 31509), 03/2018
- Splunk Certified Power User, 01/2017
- Cisco CCNA certification, 05/2014
- New HSK Level 4 Certification (Chinese Language Proficiency test), 06/2011
Tools
- Google Chronicle
- XSOAR
- Crowdstrike
- Cybereason
- Fireeye/Trellix
- Proofpoint Threat Response
- RSA Netwitness
- SentinalOne
- Splunk
- Twinwave
- Wireshark
- Cisco Prime
- Confluence
- Azure Cloud
- Google Cloud Platform
- Agile/Scrum
- ServiceNow
- Jira
Languages
Chinese (Mandarin)
Limited Working
Timeline
Associate Information Security Manager
Wells Fargo
04.2023 - Current
Senior Information Security Engineer
Wells Fargo
11.2022 - 04.2023
Senior Information Security Analyst
Wells Fargo
12.2016 - 11.2022
Network Engineer
Cisco Systems
12.2014 - 12.2016
Project Manager
Imangu
07.2012 - 12.2013
Business Analyst
Baptist Hospital
01.2008 - 09.2010
Desktop Technician
Bankatlantic Bankcorp
06.2006 - 12.2007
Network Operations Engineer / Network Administrator
VL.Net Inc
03.2002 - 06.2006
Electronics Engineering Degree -
ITT Technical Institute
Ethnic Studies -
Miami Dade College
Chinese Language Study (Mandarin) -
Beijing Sports University
Chinese Language and culture -
Nanjing University